style-src in CSP header #614
cloudfinch-harshad
started this conversation in
General
Replies: 1 comment
-
|
Hey Buddy, Thanks for creating this discussion. But I am affraid I miss the context and real issue here. Would you be able to create a reproduction link where this problem appears? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hey Everyone I wanted to discuss a point I used Nuxt for my UI project and it hosted it on AWS amplify and my project goes on PWC security check and they raised one security vulnerability that unsafe-inline need to be removed caused its vulnerable for ssh attacks
'style-src': [ "'self'", // Enables loading of stylesheets hosted on the same origin "https:", // For increased security, replace with a specific hosting domain or file name of external stylesheets "'unsafe-inline'" // Recommended default for most Nuxt apps ],but nuxt security by versal says it cant be removed when I removed it my project all icons (eg. hero icons ) goes invisible and default layout and universal styling also not implementing help me hereBeta Was this translation helpful? Give feedback.
All reactions